DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1-20 are pending.
 
Remarks
In light of Applicant’s amendments, dated 9/14/2020, Examiner calls attention to the following subject matter of claim 1, as well as similar subject matter of claims 12 and 20, as added by amendment: 
“the specific external device acquiring, from a certification authority, encrypted data for the certificate signed by the certification authority and decrypting the encrypted data using the private key to obtain and store therein the certificate”
	The above recited limitation, as applied to claims 1 and 12, is a recitation of intended use, i.e. the device performing the recited functions (i.e. “the specific external device”) is not the device which is being claimed (i.e. “an information processing device” of claim 1, or the “non-transitory computer readable storage medium… for controlling an information processing device” of claim 12), and therefore does not lend patentable weight to the claims.  As the specific external device is not that which is being claimed, steps performed by said device do not lend patentable weight to the claimed invention.  For at least these reasons, the prior 35 USC 103 rejection has been maintained.  If Applicant wishes to include functions of the specific external device in the claimed invention, the specific external device must be 
	With regard to claim 20, the above recited subject matter lends patentable weight to the claim, as steps performed at the specific external device can be considered part of the claimed method.  Therefore, the subject matter has been fully considered and a new ground(s) for rejection provided for claim 20, below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4 and 11-15 are rejected under 35 U.S.C. 103 as being unpatentable over Tenenboym et al (PGPUB 2014/0032913), and further in view of Brodie (PGPUB 2017/0063550).

Regarding Claim 1:
Tenenboym teaches an information processing device comprising (abstract, system for validating a digital signature; paragraph 40, end entity EE receives certificate issued by CA; “EE” refers to user’s computing device): 
a storage configured to store a private key (paragraph 91, computer system; paragraph 95, computer system comprising document processing application which receives instructions to apply digital signature including encryption with EE private key; key information stored and maintained within system); 
(paragraph 92, computer system 800 includes receiver/transmitter); 
a processor comprising hardware (paragraph 116, exemplary computer system includes processor, e.g. CPU); and 
a memory storing computer-readable instructions therein, the computer-readable instructions, when executed by the processor, causing the information processing device to perform (paragraph 116-117, exemplary computer system includes memory comprising instructions for execution by computer system): 
acquiring the private key from the storage (paragraph 95, computer system comprising document processing application which receives instructions to apply digital signature including encryption with EE private key; key information stored and maintained within system; paragraph 42, user's private key is used in the method of creating the document, as the user encrypts the content and the certificate with the user's private key);
acquiring a certificate from a specific external device via the communication interface, the certificate including a public key corresponding to the private key (paragraph 35, to send an encrypted message, the sender first applies for a digital certificate from a CA; the CA issues an encrypted digital certificate containing the applicant's public key, and may include other information, such as identification information), 
the specific external device acquiring, from a certification authority, encrypted data for the certificate signed by the certification authority and decrypting the encrypted data using the private key to obtain and store therein the certificate (EXAMINER’S NOTE: This limitation is a recitation of intended use, as it recites functions performed by “the specific external device”, and not the information processing device as claimed; therefore, it lends no patentable weight to the claimed invention.  For the purposes of art rejection, it is sufficient to show that the certificate is received by the information processing device, regardless of how the specific external device acquired it.  If applicant wishes to include functions of the specific external device in the claim, the specific external device must be claimed as part of a system including the information processing device, or that the information processing device comprises the external device as a subcomponent.), and 
the specific external device being different from the information processing device (paragraph 35, to send an encrypted message, the sender first applies for a digital certificate from a CA; the CA issues an encrypted digital certificate containing the applicant's public key, and may include other information, such as identification information; paragraph 40, EE receives certificate issued by certificate authority CA; paragraph 35, certificate includes public key; paragraph 29, private key creates digital signature, and public key used to verify digital signature; public and private keys mathematically related; paragraph 42, user’s private key used in method of creating document; paragraph 84, computer system communicates with CA through a network); 
converting specific data using the private key to generate converted specific data, the converting including one of encrypting the specific data and decrypting the specific data encrypted using the public key (paragraph 26, one class of common digital signature application generates a digest or dictionary for the content of the electronic document and encrypts the digest using a private key obtained by the signing entity in order to generate the digital signature; the digest can be generated by calculating a hash value of the electronic document according to a digital signature algorithm; paragraph 41-42, EE may use the certificate when applying a signature to a document or other electronic content; EE receives document, which is used to generate the signed copy; in another embodiment, EE may create the content for a document, which is then signed using the certificate issued by CA; EE adds the digital signature, which is generated using an encryption mechanism at the user's computing device; digital signature includes unique identifier which corresponds to digest of the document contents and certificate of source of signature; user encrypts content and certificate with private key and provides public key for decryption; document is stored as document having digital signature); and 
outputting the certificate (paragraph 49, EE signs document with EE certificate; signed document includes content and EE certificate; EE transmits document to another device, in this case another EE; therefore, certificate attached to document is output from original EE).
Tenenboym does not explicitly teach that the storage is non-volatile storage.
However, Brodie teaches the concept of a non-volatile storage configured to store a private key (abstract, secure digital signature device (“gadget”) which generates digital signature key pairs; paragraph 13, invention is a secure digital signature device which generates digital signature key pairs; it transmits public keys to one or more smart devices and signs bit strings at the request of smart devices without exposing private keys; paragraph 28, processor generates asymmetric key pairs; key pairs are stored in non-volatile memory; user authorizes signature to be generated and sent to device using gadget).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the non-volatile key storage teachings of Brodie with the certificate receiving and document signing teachings of Tenenboym.  Brodie lists the advantages of such a system in paragraph 14: “It is a purpose of the invention to enable the use of digital signatures without risking exposure of private keys in a smart device. It is another purpose of the invention to prevent the misuse of the digital signature processing capability to sign transactions or documents not intended by the user. It is a further purpose of the invention to ensure random number generation used in key generation is not compromised by the use of a vulnerable pseudo-random number generator. It is yet a further purpose of this invention to allow a user to safely keep private keys in their possession and therefore invulnerable to host server compromise.”  Therefore, it would be beneficial to combine the teachings of Brodie with the teachings of Tenenboym to improve the security of long-term key storage.

Regarding Claim 2:
Tenenboym in view of Brodie teaches the information processing device according to claim 1.  In addition, Tenenboym teaches wherein the outputting further outputs the converted specific data after encrypting the specific data (paragraph 26, one class of common digital signature application generates a digest or dictionary for the content of the electronic document and encrypts the digest using a private key obtained by the signing entity in order to generate the digital signature; the digest can be generated by calculating a hash value of the electronic document according to a digital signature algorithm; paragraph 49, EE signs document with EE certificate; signed document includes content and EE certificate; EE transmits document to another device, in this case another EE; therefore, certificate attached to document is output from original EE; paragraph 41-42, EE adds the digital signature, which is generated using an encryption mechanism at the user's computing device; digital signature includes unique identifier which corresponds to digest of the document contents and certificate of source of signature; user encrypts content and certificate with private key).

Regarding Claim 3:
Tenenboym in view of Brodie teaches the information processing device according to claim 1.  In addition, Tenenboym teaches wherein the computer-readable instructions, when executed by the processor, cause the information processing device to further perform: 
acquiring data to be signed (paragraph 41-42, EE may use the certificate when applying a signature to a document or other electronic content; EE receives document, which is used to generate the signed copy; in another embodiment, EE may create the content for a document, which is then signed using the certificate issued by CA); and 
(paragraph 26, one class of common digital signature application generates a digest or dictionary for the content of the electronic document and encrypts the digest using a private key obtained by the signing entity in order to generate the digital signature; the digest can be generated by calculating a hash value of the electronic document according to a digital signature algorithm; paragraph 42, digital signature includes unique identifier which corresponds to digest of the document contents), 
wherein the encrypting encrypts the specific data using the private key to generate signature data as the converted specific data (paragraph 41-42, EE adds the digital signature, which is generated using an encryption mechanism at the user's computing device; digital signature includes unique identifier which corresponds to digest of the document contents and certificate of source of signature; user encrypts content and certificate with private key and provides public key for decryption; document is stored as document having digital signature), and 
wherein the outputting outputs signed data including the data to be signed, the signature data, and the certificate (paragraph 42, document with digital signature comprising digest and certificate appended; paragraph 49, EE signs document with EE certificate; signed document includes content and EE certificate; EE transmits document to another device, in this case another EE; therefore, certificate attached to document is output from original EE).

Regarding Claim 4:
Tenenboym in view of Brodie teaches the information processing device according to claim 3.  In addition, Brodie teaches wherein the outputting transmits the signed data to the specific external device via the communication interface (paragraph 44, process starts and begins waiting for transaction signature request message from device; once request is received, authorization occurs; authorization result test results in rejection of the request or continuing on to compute transaction signature on transaction bit string; transaction signature is sent back from gadget to device).
The rationale to combine Brodie and Tenenboym is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 4.

Regarding Claim 11:
Tenenboym in view of Brodie teaches the information processing device according to claim 1.  In addition, Tenenboym teaches the device further comprising: 
a temporary storage configured to temporarily store the certificate acquired from the specific external device even if the certificate is outputted (paragraph 36, 92, certificate is stored in local or external storage device; computer system includes archive module for storing certificates), 
wherein the computer-readable instructions, when executed by the processor, cause the information processing device to further perform determining whether the certificate including the public key corresponding to the private key remains stored in the temporary storage (paragraph 93, archive content is such that content can be reproduced in the future; this would include certificates), and 
wherein the acquiring the certificate acquires the certificate not from the specific external device but from the temporary storage in a case where the certificate corresponding to the private key acquired again remains stored in the temporary storage in a state where the private key is acquired again after the certificate is outputted (paragraph 43, EE certificate becomes possession of document signer; document signer uses EE certificate to sign the content; certificate attached to document is copy of EE certificate).

Regarding Claim 12:


Regarding Claim 13:
This is the non-transitory computer readable storage medium corresponding to the information processing device of claim 2, and is therefore rejected for corresponding reasons.

Regarding Claim 14:
This is the non-transitory computer readable storage medium corresponding to the information processing device of claim 3, and is therefore rejected for corresponding reasons.

Regarding Claim 15:
This is the non-transitory computer readable storage medium corresponding to the information processing device of claim 4, and is therefore rejected for corresponding reasons.

Claims 5-10 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Tenenboym in view of Brodie, and further in view of Willming et al (US 7,114,070).

Regarding Claim 5:
Tenenboym in view of Brodie teaches the information processing device according to claim 1.  In addition, Brodie teaches wherein the non-volatile storage is configured to store a plurality of private keys including a first private key and a second private key in association with a plurality of sets of identification information including first identification information and second identification information on a one-to-one basis, the first private key being associated with the first identification information, and (paragraph 33, 44, Fig. 9, gadget stores transaction key pairs it generates in non-volatile memory, key pairs (plural), i.e. multiple key pairs; form of storage is transaction key table; gadget receives signature request comprising device public key and transaction public key; device public key checked against registered device table; outcome determines whether processing continues to determine if requested transaction public key is known to the gadget; result acquires transaction private key; transaction public keys at least can be seen as identification information of a private key)  
wherein the acquiring the private key acquires: 
in response to designation of the first identification information, the first private key from the non-volatile storage (paragraph 44, processing continues to determine if requested transaction public key is known to the gadget; result acquires transaction private key; for storage with multiple public/private key pairs, this will therefore comprise at least a first and second private key); and 
in response to designation of the second identification information, the second private key from the non-volatile storage (paragraph 44, processing continues to determine if requested transaction public key is known to the gadget; result acquires transaction private key; for storage with multiple public/private key pairs, this will therefore comprise at least a first and second private key).
The rationale to combine Brodie and Tenenboym is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 5.
Neither Tenenboym nor Brodie explicitly teaches wherein the acquiring the certificate acquires: 
in response to designation of the first identification information, a first certificate including a first public key corresponding to the first private key from the specific external device; and 
in response to designation of the second identification information, a second certificate including a second public key corresponding to the second private key from the specific external device.
However, Willming teaches the concept wherein the acquiring a certificate acquires: 
(abstract, system for automatic digital certificate installation on network devices; col 12 line 11-34, server with pre-stored certificates with certificate filenames (plural, i.e. first and second certificates); filenames can be seen as identification information; col 12 line 35-54, private key of network device comprising key pair including public and private keys; col 14 line 65-col 15 line 15, digital certificate including public key and private key; col 12 line 11-34, server determines whether filename specified in certificate request matches one of the certificate filenames (plural, i.e. first and second certificates) pre-stored in its database; if match is found, server returns certificate associated with private key, which may also be acquired at that time); and 
in response to designation of a second identification information, a second certificate including a second public key corresponding to a second private key from the specific external device (col 12 line 11-34, server determines whether filename specified in certificate request matches one of the certificate filenames (plural, i.e. first and second certificates) pre-stored in its database; if match is found, server returns certificate associated with private key, which may also be acquired at that time).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the key identification information teachings of Willming with the certificate receiving and document signing teachings of Tenenboym in view of Brodie, with the benefit of being able to request specific certificates as required from an external device, improving system efficiency by providing a simple and well-understood system for organizing specific certificate data and corresponding keys.

Regarding Claim 6:
Tenenboym in view of Brodie teaches the information processing device according to claim 1. 

wherein the acquiring the certificate acquires: 
in response to acquisition of the first private key, the first certificate from the specific external device; and 
in response to acquisition of the second private key, the second certificate from the specific external device.
However, Willming teaches the concept wherein a non-volatile storage is configured to store a plurality of private keys including a first private key and a second private key in association with a plurality of filenames including a first filename and a second filename on a one-to-one basis, the plurality of filenames being given to respective ones of a plurality of certificates including a first certificate and a second certificate (abstract, system for automatic digital certificate installation on network devices; col 12 line 11-34, server with pre-stored certificates with certificate filenames (plural, i.e. first and second certificates); col 12 line 35-54, private key of network device comprising key pair including public and private keys; col 14 line 65-col 15 line 15, digital certificate including public key and private key), the first private key being associated with the first filename given to the first certificate including a first public key corresponding to the first private key, and the second private key being associated with the second filename given for the second certificate including a second public (col 12 line 11-34, certificates obtained via certificate filename; col 14 line 65-col 15 line 15, digital certificates (plural) associated with corresponding public and private keys), and 
wherein acquiring a certificate acquires: 
in response to acquisition of the first private key, the first certificate from the specific external device (col 12 line 11-34, server determines whether filename specified in certificate request matches one of the certificate filenames (plural, i.e. first and second certificates) pre-stored in its database; if match is found, server returns certificate associated with private key, which may also be acquired at that time); and 
in response to acquisition of the second private key, the second certificate from the specific external device (col 12 line 11-34, server determines whether filename specified in certificate request matches one of the certificate filenames (plural, i.e. first and second certificates) pre-stored in its database; if match is found, server returns certificate associated with private key, which may also be acquired at that time).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the certificate filename teachings of Willming with the certificate receiving and document signing teachings of Tenenboym in view of Brodie, with the benefit of being able to request specific certificates as required from an external device, improving system efficiency by providing a simple and well-understood system for organizing specific certificate data and corresponding keys.

Regarding Claim 7:
Tenenboym in view of Brodie teaches the information processing device according to claim 1.  In addition, Brodie teaches wherein the non-volatile storage is configured to store a plurality of private (paragraph 33, 44, Fig. 9, gadget stores transaction key pairs it generates in non-volatile memory, key pairs (plural), i.e. multiple key pairs; form of storage is transaction key table), 
wherein the acquiring the private key acquires a specific private key from among the plurality of private keys stored in the non-volatile storage (paragraph 33, 44, Fig. 9, gadget receives signature request comprising device public key and transaction public key; device public key checked against registered device table; outcome determines whether processing continues to determine if requested transaction public key is known to the gadget; result acquires transaction private key).
The rationale to combine Brodie and Tenenboym is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 7.
Neither Tenenboym nor Brodie explicitly teaches wherein the acquiring the certificate comprises: 
in response to acquisition of the specific private key, acquiring a plurality of certificates from the specific external device; and 
selecting a specific certificate from among the plurality of certificates, the specific certificate including a specific public key corresponding to the specific private key.
However, Willming teaches the concept wherein acquiring a certificate comprises (abstract, system for automatic digital certificate installation on network devices; col 12 line 11-34, server with pre-stored certificates with certificate filenames (plural, i.e. first and second certificates); col 12 line 35-54, private key of network device comprising key pair including public and private keys; col 14 line 65-col 15 line 15, digital certificate including public key and private key): 
in response to acquisition of a specific private key, acquiring a plurality of certificates from a specific external device (col 12 line 11-34, server determines whether filename specified in certificate request matches one of the certificate filenames (plural, i.e. first and second certificates) pre-stored in its database; if match is found, server returns certificate associated with private key, which may also be acquired at that time; col 15 line 16-col 16 line 22, if digital certificate file fails one or more validation steps, network entity sends error message to network server that has provided the digital certificate file; upon sending error, network entity may resend request for certificate filename to network server, and method continues; if downloaded certificate is invalid, network entity re-requests certificate file; this can be seen as acquiring a plurality of certificates, e.g. invalid certificates); and 
selecting a specific certificate from among the plurality of certificates, the specific certificate including a specific public key corresponding to the specific private key (col 16 line 23-29, upon successful validation of a certificate file received from network server, network entity installs the received certificates in a memory unit; col 14 line 65-col 15 line 15, digital certificate including public key and private key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the error checking a plurality of certificates teachings of Willming with the certificate receiving and document signing teachings of Tenenboym in view of Brodie, in order to improve the security and reliability of the network system by ensuring that the received certificate passed necessary error checks, thereby ensuring that the certificate was received whole and undamaged and preventing any possible network problems which would result from using an erroneous certificate.

Regarding Claim 8:
Tenenboym in view of Brodie and Willming teaches the information processing device according to claim 7.  In addition, Willming teaches wherein the computer-readable instructions, when executed by the processor, cause the information processing device to further perform determining whether the certificate acquired from the specific external device is an authentic certificate corresponding to the specific private key acquired from the non-volatile storage (abstract, system and method for automatic digital certificate installation on network devices; col 14 line 52-col 15 line 31, network entity receives digital certificate file and validates prior to installation in memory unit; network entity validates digital signature using public key, name of issuing entity, and verifies whether public key installed on certificate is correct key for private key already installed on network entity), and 
wherein the outputting outputs the certificate in response to determining that the certificate is the authentic certificate (col 3 line 44-col 4 line 6, when network device (i.e. cable modem) receives digital certificate, cable modem authenticates received certificate; when cable modem requests authorization from system, cable modem presents its digital certificate).
The rationale to combine Willming and Tenenboym is the same as provided for claim 7 due to the overlapping subject matter between claims 7 and 8.

Regarding Claim 9:
Tenenboym in view of Brodie and Willming teaches the information processing device according to claim 8.  In addition, Willming teaches wherein the determining comprises: 
performing a first determination using a first determination method for determining whether the certificate is an authentic certificate (col 14 line 52-col 15 line 31, Table 2, network entity receives digital certificate file and validates prior to installation in memory unit; listed errors include “File does not contain Certificate”, therefore, determining that file contains certificate can be seen as first step of certificate authentication); 
in response to determining that the certificate is the authentic certificate in the first determination, performing a second determination using a second determination method for determining whether the certificate is an authentic certificate, the second determination method requiring a higher processing load than the first determination method (col 14 line 52-col 15 line 31, network entity verifies MAC address specified in certificate, whether name of issuer matches subject name, and whether public key in device certificate matches public key installed on network entity and is correct for private key installed on network entity; this requires additional processing load than determining presence of certificate in file); and 
wherein in response to determining that the certificate is not the authentic certificate in the first determination, the second determination is not performed (col 15 line 16-31, Table 2, if digital certificate file fails validation steps, the network entity generates and sends an error message to network server; errors include “File does not contain Certificate”; if file does not contain certificate, further authentication steps cannot continue).
The rationale to combine Willming and Tenenboym is the same as provided for claim 8 due to the overlapping subject matter between claims 8 and 9.

Regarding Claim 10:
Tenenboym in view of Brodie and Willming teaches the information processing device according to claim 9.  In addition, Willming teaches wherein the public key includes a plurality of information items, and the private key includes at least part of the plurality of information items included in the public key corresponding to the private key as shared information (col 14 line 65-col 15 line 15, network entity compares public key modulus and public key exponent in public key to private key; modulus and exponent therefore comprise information items), and 
wherein in the first determination, a determination is made to determine whether the shared information, which is included in the private key acquired from the non-volatile storage, matches the at least part of the plurality of information items of the public key, which is included in the certificate acquired from the specific external device (col 14 line 65-col 15 line 15, network entity compares public key modulus and public key exponent in public key to private key; modulus and exponent therefore comprise information items; if downloaded file does not contain private key, network entity verifies whether public key in device certificate is correct key for private key already installed).
The rationale to combine Willming and Tenenboym is the same as provided for claim 9 due to the overlapping subject matter between claims 9 and 10.
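
The two-stage check discussed for claims 9 and 10, as an added illustration that is not part of the Office action or of any cited reference: the first determination compares the information items shared by the stored private key and the certificate's public key (modulus and exponent), and a costlier second determination runs only if that match succeeds. The sign-and-verify round trip used as the second determination, the key sizes and all names are assumptions made for the example.

```python
# Added illustration: textbook RSA on constructed keys, no padding. Not for production use.
from dataclasses import dataclass

@dataclass(frozen=True)
class PublicKey:            # as carried in the certificate
    n: int                  # modulus
    e: int                  # public exponent

@dataclass(frozen=True)
class PrivateKey:           # as read from the device's non-volatile storage
    n: int                  # modulus, shared with the public key
    e: int                  # public exponent, shared with the public key
    d: int                  # private exponent

def make_keypair(p, q, e=65537):
    """Build a constructed key pair from two known primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return PrivateKey(n, e, pow(e, -1, phi)), PublicKey(n, e)

def first_determination(priv, cert_pub):
    """Low load: compare the shared information items, two integer comparisons."""
    return (priv.n, priv.e) == (cert_pub.n, cert_pub.e)

def second_determination(priv, cert_pub, challenge=0x5EC0DE):
    """Higher load (assumed method): sign a challenge, verify it with the cert key."""
    signature = pow(challenge % priv.n, priv.d, priv.n)
    return pow(signature, cert_pub.e, cert_pub.n) == challenge % cert_pub.n

def check_certificate(priv, cert_pub):
    """Return (authentic, stages_run); stage 2 runs only when stage 1 passes."""
    if not first_determination(priv, cert_pub):
        return False, 1
    return second_determination(priv, cert_pub), 2

# Constructed sample keys from Mersenne primes (far too small for real use).
DEVICE_KEY, MATCHING_CERT_KEY = make_keypair(2**31 - 1, 2**61 - 1)
_, OTHER_CERT_KEY = make_keypair(2**19 - 1, 2**89 - 1)
# Stored key whose shared items match but whose private exponent is damaged.
DAMAGED_KEY = PrivateKey(DEVICE_KEY.n, DEVICE_KEY.e, DEVICE_KEY.d + 2)

if __name__ == "__main__":
    for label, priv, pub in [("matching", DEVICE_KEY, MATCHING_CERT_KEY),
                             ("wrong certificate", DEVICE_KEY, OTHER_CERT_KEY),
                             ("damaged private key", DAMAGED_KEY, MATCHING_CERT_KEY)]:
        print(label, check_certificate(priv, pub))
```

The damaged-key case shows why a match on modulus and exponent alone is necessary but not sufficient: the first determination passes and only the second one detects that the stored private exponent does not correspond to the certificate's public key.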

Regarding Claim 16:
This is the non-transitory computer readable storage medium corresponding to the information processing device of claim 5, and is therefore rejected for corresponding reasons.

Regarding Claim 17:
This is the non-transitory computer readable storage medium corresponding to the information processing device of claim 6, and is therefore rejected for corresponding reasons.

Regarding Claim 18:
This is the non-transitory computer readable storage medium corresponding to the information processing device of claim 7, and is therefore rejected for corresponding reasons.

Regarding Claim 19:
This is the non-transitory computer readable storage medium corresponding to the information processing device of claim 8, and is therefore rejected for corresponding reasons.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Tenenboym, and further in view of Almahallawy et al (PGPUB 2014/0181504) and Nagarajamoorthy et al (PGPUB 2018/0167812).

Claim 20:
	Tenenboym teaches a method for controlling an information processing device including (abstract, system for validating a digital signature; paragraph 40, end entity EE receives certificate issued by CA; “EE” refers to user’s computing device): 
a storage configured to store a private key (paragraph 91, computer system; paragraph 95, computer system comprising document processing application which receives instructions to apply digital signature including encryption with EE private key; key information stored and maintained within system); and 
a communication interface (paragraph 92, computer system 800 includes receiver/transmitter), the method comprising: 
acquiring the private key from the storage (paragraph 95, computer system comprising document processing application which receives instructions to apply digital signature including encryption with EE private key; key information stored and maintained within system; paragraph 42, user's private key is used in the method of creating the document, as the user encrypts the content and the certificate with the user's private key); 
acquiring a certificate from a specific external device via the communication interface, the certificate including a public key corresponding to the private key (paragraph 35, to send an encrypted message, the sender first applies for a digital certificate from a CA; the CA issues an encrypted digital certificate containing the applicant's public key, and may include other information, such as identification information), 
the specific external device being different from the information processing device (paragraph 35, to send an encrypted message, the sender first applies for a digital certificate from a CA; the CA issues an encrypted digital certificate containing the applicant's public key, and may include other information, such as identification information; paragraph 40, EE receives certificate issued by certificate authority CA; paragraph 35, certificate includes public key; paragraph 29, private key creates digital signature, and public key used to verify digital signature; public and private keys mathematically related; paragraph 42, user’s private key used in method of creating document; paragraph 84, computer system communicates with CA through a network); 
converting specific data using the private key to generate converted specific data, the converting including one of encrypting the specific data and decrypting the specific data encrypted using the public key (paragraph 26, one class of common digital signature application generates a digest or dictionary for the content of the electronic document and encrypts the digest using a private key obtained by the signing entity in order to generate the digital signature; the digest can be generated by calculating a hash value of the electronic document according to a digital signature algorithm; paragraph 41-42, EE may use the certificate when applying a signature to a document or other electronic content; EE receives document, which is used to generate the signed copy; in another embodiment, EE may create the content for a document, which is then signed using the certificate issued by CA; EE adds the digital signature, which is generated using an encryption mechanism at the user's computing device; digital signature includes unique identifier which corresponds to digest of the document contents and certificate of source of signature; user encrypts content and certificate with private key and provides public key for decryption; document is stored as document having digital signature); and 
outputting the certificate (paragraph 49, EE signs document with EE certificate; signed document includes content and EE certificate; EE transmits document to another device, in this case another EE; therefore, certificate attached to document is output from original EE).
However, Tenenboym does not explicitly teach that the storage is non-volatile storage; and

However, Almahallawy teaches the concept wherein a storage is non-volatile storage (abstract, trusted computing device generates certificate signing request on behalf of personal computing device and receiving a certificate which is securely exported to the personal computing device; paragraph 25, personal computing device comprising memory, I/O subsystem, and data storage similar to corresponding components of trusted computing device; paragraph 18-19, memory may be non-volatile memory; I/O subsystem manages storage of encryption keys in memory; paragraph 31, private keys stored in memory); and
a specific external device acquiring, from a certification authority, data for a certificate signed by the certification authority (paragraph 31-34, security module of trusted computing device facilitates provisioning of personal computing device by generating public/private key pair and storing in memory, and generating certificate signing request on behalf of personal computing device; paragraph 40-41, 43, certificate server receives certificate signing request generated by trusted computing device, and generates access certificate for personal computing device, and digitally signs public key generated by trusted computing device on behalf of personal computing device; paragraph 44, certificate provisioning module sends access certificate to trusted computing device over network, which may then securely export or otherwise provide to personal computing device). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the intermediate trusted device certificate signing request teachings of Almahallawy with the certificate receiving and document signing teachings of Tenenboym, with the benefit of providing a trusted intermediary device to facilitate provisioning of personal computing devices with access certificates needed to access other computing devices or services on a controlled 
Neither Tenenboym nor Almahallawy explicitly teaches acquiring, from a certification authority, encrypted data for the certificate and decrypting the encrypted data using the private key to obtain and store therein the certificate.
However, Nagarajamoorthy teaches the concept of acquiring, from a certification authority, encrypted data for a certificate and decrypting the encrypted data using a private key to obtain and store therein the certificate (paragraph 9, client device sends certificate signing request to trusted authenticator and receives digital certificate encrypted using public key provided in certificate signing request; client device decrypts digital certificate using private key generated at client device according to key pair generation algorithm, and then provides digital certificate to server; paragraph 64, client device stores decrypted digital certificate in trusted data location).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted digital certificate teachings of Nagarajamoorthy with the certificate receiving and document signing teachings of Tenenboym in view of Almahallawy, in order to secure the certificate against malicious interception, and require that the agent making use of the certificate is the owner of the private key used for decryption, which provides proof that the certificate is in the possession of the authorized owner, thereby improving the security of the system.

Response to Arguments
Applicant's arguments filed 9/17/2020 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 103:
Applicant’s arguments: The Office contends that Tenenboym discloses "acquiring a certificate from a specific external device via the communication interface, the certificate including a public key corresponding to the private key, the specific external device being different from the information processing device" as recited in previous claim 1. In Tenenboym, however, a user's end entity (EE), rather than a specific external device, acquires encrypted data for the certificate corresponding to its own private key directly from the certification authority. Thus, according to Tenenboym, the EE stores both the private key and the certificate. Significantly, Tenenboym fails to teach or suggest a specific external device different from the end entity EE. 
Amended claim 1 recites, among other features, "acquiring a certificate from a specific external device via the communication interface, the certificate including a public key corresponding to the private key, the specific external device acquiring, from a certification authority, encrypted data for the certificate signed by the certification authority and decrypting the encrypted data using the private key to obtain and store therein the certificate, and the specific external device being different from the information processing device." In contrast to Tenenboym, according to claim 1 the specific external device different from the information processing device acquires the encrypted data for the certificate from the certification authority, decrypts the encrypted data, and stores the decrypted certificate therein. Notably, the information processing device acquires the certificate from the specific external device (which stores the encrypted certificate) as called for in claim 1 and not from the certification authority. Moreover, Tenenboym lacks a teaching or suggestion of the specific external device being different from the information processing device as set forth in claim 1. 
Brodie does not remedy at least the above noted deficits of Tenenboym with respect to claim 1. For at least these reasons, the combination of Tenenboym and Brodie assuming (but not conceding) proper would not have resulted in the claim 1 combination of features. Independent claims 12 and 20 

Examiner’s response: As noted above with regard to claims 1 and 12 (see “Remarks”), the amended subject matter consists of a recitation of intended use, i.e. the steps being performed by the specific external device are not part of the claimed information processing device/non-transitory computer readable medium, and therefore do not lend patentable weight to the claimed invention.  For at least these reasons, the 35 USC 103 rejection of claims 1 and 12 is maintained.  However, with regard to claim 20, Examiner agrees that neither Tenenboym nor Brodie explicitly teaches the argued subject matter.  However, a new ground(s) for rejection is provided above which does teach the subject matter of claim 20, as added by amendment.

	Applicant further argues that the dependent claims are allowable due to depending on an allowable independent claim.  However, as shown above, the independent claims are not allowable.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814.  The examiner can normally be reached on 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FORREST L CAREY/Examiner, Art Unit 2491


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491